Share via

az afd security-policy

  • Reference

Manage security policies within the specified profile.

Commands

Name Description Type Status
az afd security-policy create

Create a new security policy within the specified profile.

 Core GA
az afd security-policy delete

Delete an existing security policy within profile.

 Core GA
az afd security-policy list

List security policies associated with the profile.

 Core GA
az afd security-policy show

Get an existing security policy within a profile.

 Core GA
az afd security-policy update

Update a new security policy within the specified profile.

 Core GA
az afd security-policy wait

Place the CLI in a waiting state until a condition is met.

 Core GA

az afd security-policy create

Create a new security policy within the specified profile.

az afd security-policy create --domains
                              --name
                              --profile-name
                              --resource-group
                              --waf-policy
                              [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]

Examples

Creates a security policy to apply the specified WAF policy to an endpoint's default domain and a custom domain.

az afd security-policy create -g group --profile-name profile --security-policy-name sp1 --domains /subscriptions/sub1/resourcegroups/rg1/providers/Microsoft.Cdn/profiles/profile1/afdEndpoints/endpoint1 /subscriptions/sub1/resourcegroups/rg1/providers/Microsoft.Cdn/profiles/profile1/customDomains/customDomain1 --waf-policy /subscriptions/sub1/resourcegroups/rg1/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/waf1

Required Parameters

--domains

The domains to associate with the WAF policy. Could either be the ID of an endpoint(default domain will be used in that case) or ID of a custom domain. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--name --security-policy-name -n

Name of the security policy under the profile.

--profile-name

Name of the Azure Front Door Standard or Azure Front Door Premium profile which is unique within the resource group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--waf-policy

The ID of Front Door WAF policy.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az afd security-policy delete

Delete an existing security policy within profile.

az afd security-policy delete [--ids]
                              [--name]
                              [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                              [--profile-name]
                              [--resource-group]
                              [--subscription]
                              [--yes]

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name --security-policy-name -n

Name of the security policy under the profile.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--profile-name

Name of the Azure Front Door Standard or Azure Front Door Premium profile which is unique within the resource group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--yes -y

Do not prompt for confirmation.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az afd security-policy list

List security policies associated with the profile.

az afd security-policy list --profile-name
                            --resource-group
                            [--max-items]
                            [--next-token]

Required Parameters

--profile-name

Name of the Azure Front Door Standard or Azure Front Door Premium profile which is unique within the resource group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--max-items

Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.

--next-token

Token to specify where to start paginating. This is the token value from a previously truncated response.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az afd security-policy show

Get an existing security policy within a profile.

az afd security-policy show [--ids]
                            [--name]
                            [--profile-name]
                            [--resource-group]
                            [--subscription]

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name --security-policy-name -n

Name of the security policy under the profile.

--profile-name

Name of the Azure Front Door Standard or Azure Front Door Premium profile which is unique within the resource group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az afd security-policy update

Update a new security policy within the specified profile.

az afd security-policy update [--add]
                              [--domains]
                              [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                              [--ids]
                              [--name]
                              [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                              [--profile-name]
                              [--remove]
                              [--resource-group]
                              [--set]
                              [--subscription]
                              [--waf-policy]

Examples

Update the specified security policy's domain list.

az afd security-policy update -g group --security-policy-name sp1 --profile-name profile --domains /subscriptions/sub1/resourcegroups/rg1/providers/Microsoft.Cdn/profiles/profile1/customDomains/customDomain1

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--domains

The domains to associate with the WAF policy. Could either be the ID of an endpoint(default domain will be used in that case) or ID of a custom domain. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name --security-policy-name -n

Name of the security policy under the profile.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--profile-name

Name of the Azure Front Door Standard or Azure Front Door Premium profile which is unique within the resource group.

--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--waf-policy

The ID of Front Door WAF policy.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az afd security-policy wait

Place the CLI in a waiting state until a condition is met.

az afd security-policy wait [--created]
                            [--custom]
                            [--deleted]
                            [--exists]
                            [--ids]
                            [--interval]
                            [--name]
                            [--profile-name]
                            [--resource-group]
                            [--subscription]
                            [--timeout]
                            [--updated]

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

Default value: False
--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

Default value: False
--exists

Wait until the resource exists.

Default value: False
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

Default value: 30
--name --security-policy-name -n

Name of the security policy under the profile.

--profile-name

Name of the Azure Front Door Standard or Azure Front Door Premium profile which is unique within the resource group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Maximum wait in seconds.

Default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.